India’s cybersecurity agency, CERT-In, has issued an advisory about the “BlackRock” Android malware. According to the researchers, the Trojan can expose bank credentials and other important data to cybercriminals. It can extract login credentials and credit card information from a wide range of banking applications. The malware can also steal private data from email, e-commerce, and social media applications, CERT-In warned.
“A new type of Android malware named ‘BlackRock’ provided with data theft skills is told to be attacking a broad variety of Android applications. (Sic) It can steal credentials and credit card information from more than 300 applications, such as email customers, e-commerce applications, virtual currency, messaging or social media applications, entertainment applications, banking, and financial applications, etc.,” the agency stated. To mitigate the threat, CERT-In recommends not installing applications from unknown sources.
BlackRock was first discovered in May and detailed earlier this month by the Dutch cybersecurity company ThreatFabric. According to ThreatFabric researchers, BlackRock “is originated from the Xerxes banking malware code, which itself is a strain of the Android banking Trojan LokiBot.” The Xerxes source code was openly published by its author around May 2019, making it available to any threat actor.
Meanwhile, BlackRock targets 337 Android apps, significantly more than any known malicious code. According to the researchers, when the malware starts on the victim’s device, it hides its icon from the app drawer. It then disguises itself as an update from Google to request the accessibility service privilege. Once this privilege is granted, it grants itself additional permissions. Those additional permissions allow it to steal data without any further interaction with the user.
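The behaviour described above (a hidden icon, an accessibility service, an app installed from an unknown source) can be checked for on a device under review. The following is an added example, not code from CERT-In or ThreatFabric: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`. The sample outputs, the package `com.example.update`, the trusted-installer list, and the analyst-supplied set of packages with a launcher icon are all constructed assumptions.

```python
# Added triage sketch. All sample data is constructed, not taken from a real device.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Play Store installs are trusted

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.update/com.example.update.Svc")
# Constructed output of: adb shell pm list packages -i
SAMPLE_PKGS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.update  installer=null
"""
# Assumption: analyst-supplied set of packages that show an icon in the app drawer
SAMPLE_LAUNCHABLE = {"com.google.android.marvin.talkback"}

def parse_a11y(raw):
    """Return package names owning an enabled accessibility service."""
    raw = raw.strip()
    if raw in ("", "null"):          # the setting is empty or unset
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_installers(raw):
    """Map package name -> installer package (None when not recorded)."""
    result = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        inst = next((f.split("=", 1)[1] for f in fields[1:]
                     if f.startswith("installer=")), "null")
        result[fields[0]] = None if inst == "null" else inst
    return result

def triage(a11y_raw, pkgs_raw, launchable):
    """Flag accessibility-enabled packages that are sideloaded or have no icon."""
    installers = parse_installers(pkgs_raw)
    findings = []
    for pkg in sorted(parse_a11y(a11y_raw)):
        reasons = []
        if installers.get(pkg) not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded or unknown installer")
        if pkg not in launchable:
            reasons.append("no launcher icon")
        if reasons:
            findings.append((pkg, reasons))
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_A11Y, SAMPLE_PKGS, SAMPLE_LAUNCHABLE):
        print(f"REVIEW {pkg}: {', '.join(reasons)}")
```

Preinstalled system apps also report `installer=null`, so a real review needs an allowlist of the device's factory packages before treating that field as a signal.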